
CVE-2026-21941: Medium Vulnerability in Oracle MySQL Server

A medium-severity vulnerability in Oracle MySQL Server can lead to a denial of service. Organizations running affected versions should prioritize remediation due to potential availability impacts.

MEDIUM · CVSS 4.9 · Published January 20, 2026


CVE-2026-21941 is a medium-severity vulnerability in the Oracle MySQL product, specifically affecting the MySQL Server component. This vulnerability allows a high-privileged attacker with network access to exploit the system through multiple protocols. The affected versions include MySQL Server versions 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0. The vulnerability is easily exploitable, which raises significant concerns for organizations that deploy these versions.

The CVSS 3.1 base score assigned to this vulnerability is 4.9, indicating medium severity, with the impact falling on availability. Attackers leveraging this vulnerability can induce a denial of service (DoS) condition, resulting in the MySQL Server hanging or crashing repeatedly. The risk to organizations includes potential disruptions in service and significant operational impacts.

Given the nature of this vulnerability, organizations should prioritize patching immediately. It is essential to ensure that the MySQL Server instances are updated to versions that are not affected by this vulnerability.
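An added example (not code from Oracle or from this advisory) that triages a server inventory against the affected ranges listed above, using the string each server returns from `SELECT VERSION()`. The hostnames and version strings in the sample inventory are constructed, and "outside listed ranges" means only that the version is not in the ranges this page names.

```python
import re

# Affected ranges exactly as listed on this page (inclusive at both ends).
AFFECTED_RANGES = [
    ((8, 0, 0), (8, 0, 44)),
    ((8, 4, 0), (8, 4, 7)),
    ((9, 0, 0), (9, 5, 0)),
]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_mysql_version(version_string):
    """(major, minor, patch) from a VERSION() string, or None if unparsable."""
    # Packaging suffixes ("-0ubuntu0.22.04.1", "-log") are ignored. MariaDB is
    # a separate product that this page does not cover, so it yields None.
    text = version_string.strip()
    if "mariadb" in text.lower():
        return None
    match = _VERSION_RE.match(text)
    return tuple(int(p) for p in match.groups()) if match else None


def is_affected(version_string):
    """True or False for a parsable MySQL version, None if it cannot be judged."""
    version = parse_mysql_version(version_string)
    if version is None:
        return None
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Label each host from a {host: version string} mapping."""
    labels = {True: "affected", False: "outside listed ranges", None: "unknown"}
    return {host: labels[is_affected(v)] for host, v in inventory.items()}


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = {
    "db-01": "8.0.44-0ubuntu0.22.04.1",
    "db-02": "8.0.45",
    "db-03": "8.4.7-commercial",
    "db-04": "9.5.0",
    "db-05": "10.11.6-MariaDB-1:10.11.6+maria~ubu2204",
    "db-06": "",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts labelled "unknown" need a manual look, since an empty or non-MySQL version string says nothing about exposure.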

The vulnerability was published on January 20, 2026, and has been classified as analyzed. Organizations that utilize Oracle MySQL should remain vigilant and stay updated on any developments regarding this vulnerability.

Current exploitation status indicates no known public exploits, but the ease of exploitation highlights the necessity for immediate remediation efforts.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
